  1. Distributed Tracing
  2. TRACING-5846

TLS profile consistency for OpenTelemetry


    • Epic
    • Resolution: Unresolved
    • rhosdt-3.9
    • Product / Portfolio Work
    • To Do
    • 100% To Do, 0% In Progress, 0% Done

       

       

      How the operator /metrics certificates are handled:

      // If cfg.GetCertificate is still nil, i.e. we didn't configure a cert watcher, fallback to a self-signed certificate.
      if cfg.GetCertificate == nil {
          // Note: Using self-signed certificates here should be good enough. It's just important that we
          // encrypt the communication. For example kube-controller-manager also uses a self-signed certificate
          // for the metrics endpoint per default.
          cert, key, err := certutil.GenerateSelfSignedCertKeyWithFixtures("localhost", []net.IP{{127, 0, 0, 1}}, nil, "")
          if err != nil {
              return nil, fmt.Errorf("failed to generate self-signed certificate for metrics server: %w", err)
          }
          keyPair, err := tls.X509KeyPair(cert, key)
          if err != nil {
              return nil, fmt.Errorf("failed to create self-signed key pair for metrics server: %w", err)
          }
          cfg.Certificates = []tls.Certificate{keyPair}
      }

      https://github.com/kubernetes-sigs/controller-runtime/blob/216ca460a20aa807587209c6302338cd414a4a91/pkg/metrics/server/server.go#L313 
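      A check for the fallback described above, as an added example (not code from this issue or from controller-runtime): it handshakes with a metrics endpoint and reports whether the served certificate is self-signed and whether the negotiated TLS version meets a required minimum. The names fallbackCert, audit and probe are hypothetical, and the server is a constructed in-memory peer standing in for the operator.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// fallbackCert mimics the fallback path: a throwaway self-signed "localhost" certificate.
func fallbackCert() tls.Certificate {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "localhost"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, t, t, pub, priv)
	if err != nil {
		panic(err)
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}
}

// audit reports whether the peer's leaf is signed by its own key and whether the TLS version is >= minVersion.
func audit(conn net.Conn, minVersion uint16) (selfSigned, versionOK bool, err error) {
	c := tls.Client(conn, &tls.Config{InsecureSkipVerify: true}) // inspect only, never trust
	if err = c.Handshake(); err != nil {
		return false, false, err
	}
	st := c.ConnectionState()
	leaf := st.PeerCertificates[0]
	selfSigned = leaf.CheckSignature(leaf.SignatureAlgorithm, leaf.RawTBSCertificate, leaf.Signature) == nil
	return selfSigned, st.Version >= minVersion, nil
}

// probe audits a constructed in-memory server capped at serverMax against requiredMin.
func probe(serverMax, requiredMin uint16) (selfSigned, versionOK bool, err error) {
	cli, srv := net.Pipe()
	defer cli.Close()
	cfg := &tls.Config{Certificates: []tls.Certificate{fallbackCert()}, MaxVersion: serverMax, SessionTicketsDisabled: true}
	go func() { tls.Server(srv, cfg).Handshake(); srv.Close() }()
	return audit(cli, requiredMin)
}

func main() {
	fmt.Println(probe(tls.VersionTLS12, tls.VersionTLS13)) // self-signed, below required profile
}
```

      Against a real endpoint, pass the connection returned by net.Dial to audit in place of the in-memory pipe.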

              Unassigned Unassigned
              ploffay@redhat.com Pavol Loffay